Mend.io SAML Vulnerability Exposed

WithSecure has unveiled a new security vulnerability in Mend.io’s application security platform today, raising concerns about data privacy and potential exploitation. 

Mend.io, a provider of application security solutions with over 1000 customers, has swiftly addressed the issue.

The vulnerability centers on Mend.io’s implementation of the Security Assertion Markup Language (SAML) login option, a standard method for enabling Single Sign-On (SSO) authentication across various online services.

Mend.io’s SAML login lacked proper scoping, allowing a Mend.io customer with malicious intent to gain unauthorized access to the data of other customers within the same Software-as-a-Service (SaaS) environment simply by guessing a valid email address.

In a SAML-based SSO system, users can access multiple applications using a single set of login credentials. However, in this instance, Mend.io’s lax scoping meant a threat actor could exploit the vulnerability to access sensitive data from other organizations using the platform.

“The SSO service would accept any legitimate customer’s email address without any additional authentication,” explained WithSecure chief architect Ari Inki.

“Attackers would only need to get a Mend.io account in a specific SaaS environment, configure it to accept the SSO authentication method, and then use an email address for the target company's account – steps which are all doable by today’s cyber-criminals.”

While no active exploitation of this vulnerability has been reported, the potential consequences are significant. Attackers could misuse the gathered information to target vulnerable software identified through the Mend.io platform, posing a substantial risk to affected organizations.

WithSecure identified the issue in May 2023 and promptly informed Mend.io. The company acted swiftly to confirm the findings and collaborate with WithSecure on a solution. Remediation involved the implementation of an additional layer of security to prevent cross-account/organization collaboration, mitigating the risk.
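To make the scoping gap described above and the remediation concrete, here is an added illustration in Python (not Mend.io's or WithSecure's code): a service-provider-side login check using constructed tenants, IdP issuers and user accounts, showing the unscoped lookup next to a version that binds each assertion to the tenant that registered the signing IdP. Signature verification of the assertion is assumed to have already happened.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (hypothetical tenants, IdPs and users; not real Mend.io data).
# Each tenant registers its own IdP; the assertion's Issuer tells us which IdP signed it.
TENANT_BY_ISSUER = {
    "https://idp.tenant-a.example/saml": "tenant-a",
    "https://idp.tenant-b.example/saml": "tenant-b",
}

# Email address -> tenant that owns the account.
USER_TENANT = {
    "alice@tenant-a.example": "tenant-a",
    "bob@tenant-b.example": "tenant-b",
}


@dataclass
class Assertion:
    issuer: str  # entityID of the IdP that signed the assertion (signature assumed verified)
    email: str   # NameID / email attribute asserted by that IdP


def login_unscoped(a: Assertion) -> Optional[str]:
    """Vulnerable pattern: any registered IdP may vouch for any email address.

    The tenant of the resulting session is derived from the asserted email alone,
    so an IdP belonging to one tenant can log in as a user of another tenant.
    """
    if a.issuer not in TENANT_BY_ISSUER:
        return None
    return USER_TENANT.get(a.email)


def login_scoped(a: Assertion) -> Optional[str]:
    """Hardened pattern: an IdP may only vouch for accounts in the tenant that registered it."""
    idp_tenant = TENANT_BY_ISSUER.get(a.issuer)
    if idp_tenant is None:
        return None  # unknown IdP: reject
    if USER_TENANT.get(a.email) != idp_tenant:
        return None  # asserted account belongs to a different tenant (or nobody): reject
    return idp_tenant
```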

“Securing our customer’s data is vital to our organization, and we’re happy that WithSecure was proactive in helping us identify and fix this problem,” said Robert Nilsson, executive vice president of customer experience at Mend.io.

“By working together, we were able to move quickly to ensure the issue was fixed before it was used by any threat actors to attack our customers.”

Given the vulnerability’s discovery and subsequent resolution, Mend.io customers are urged to review relevant logs for any signs of abuse, even though no active exploitation has been observed.